Enable system NSS key slot.

net/ssl/client_cert_store_chromeos.cc

Index: net/ssl/client_cert_store_chromeos.cc
diff --git a/net/ssl/client_cert_store_chromeos.cc b/net/ssl/client_cert_store_chromeos.cc
index bd4a5c47ccbacc55a2560b959155bd2b4c3af274..6dacd4569207e6591bb5bba057388d44e3d802ce 100644
--- a/net/ssl/client_cert_store_chromeos.cc
+++ b/net/ssl/client_cert_store_chromeos.cc
@@ -12,11 +12,46 @@
 
 namespace net {
 
+namespace {
+
+typedef base::Callback<void(crypto::ScopedPK11Slot system_slot,
+                            crypto::ScopedPK11Slot private_slot)>
+    GetSystemAndPrivateSlotCallback;
+
+// Gets the private slot for the user with the username hash |username_hash| and
+// calls |callback| with both |system_slot| and the obtained private slot.
+void GetPrivateSlotAndCallBack(const std::string& username_hash,
+                               const GetSystemAndPrivateSlotCallback& callback,
+                               crypto::ScopedPK11Slot system_slot) {
+  base::Callback<void(crypto::ScopedPK11Slot)> wrapped_callback =
+      base::Bind(callback, base::Passed(&system_slot));
+
+  crypto::ScopedPK11Slot slot(
+      crypto::GetPrivateSlotForChromeOSUser(username_hash, wrapped_callback));
+  if (slot)
+    wrapped_callback.Run(slot.Pass());
+}
+
+// Gets the system slot, then the private slot for the user with the username
+// hash |username_hash|, and finally calls |callback| with both slots.
+void GetSystemAndPrivateSlot(const std::string& username_hash,
+                             const GetSystemAndPrivateSlotCallback& callback) {
+  crypto::ScopedPK11Slot system_slot(crypto::GetSystemNSSKeySlot(

[Ryan Sleevi, 2014/07/29 23:53:15]

This is temporary, right? Doesn't seem like we should be doing singletons.

[pneubeck (no reviews), 2014/07/30 06:27:40]

Yes. At first I wanted to pass the system slot to the c'tor.
However, ProfileIOData::CreateClientCertStore is synchronous ?!)(#$

Yet-another TODO is to make that function asynchrounous and pass the system slot
(or better all slots) through the c'tor of this store (and then also to the
store of Linux)

That will also simplify the tests again and make them independent of the
singletons in nss_util.

[Ryan Sleevi, 2014/07/30 06:45:30]

Don't do this. Don't make another factory.

The ClientCertStore is already supposed to handle things async. We shouldn't be
lobbing more async factory functions around - they inevitably signal a coupling
that is too tight.

+      base::Bind(&GetPrivateSlotAndCallBack, username_hash, callback)));
+  if (system_slot)
+    GetPrivateSlotAndCallBack(username_hash, callback, system_slot.Pass());
+}
+
+}  // namespace
+
 ClientCertStoreChromeOS::ClientCertStoreChromeOS(
+    bool use_system_slot,
     const std::string& username_hash,
     const PasswordDelegateFactory& password_delegate_factory)
     : ClientCertStoreNSS(password_delegate_factory),
-      username_hash_(username_hash) {}
+      use_system_slot_(use_system_slot),
+      username_hash_(username_hash) {
+}
 
 ClientCertStoreChromeOS::~ClientCertStoreChromeOS() {}
 
@@ -24,24 +59,29 @@ void ClientCertStoreChromeOS::GetClientCerts(
     const SSLCertRequestInfo& cert_request_info,
     CertificateList* selected_certs,
     const base::Closure& callback) {
-  crypto::ScopedPK11Slot private_slot(crypto::GetPrivateSlotForChromeOSUser(
-      username_hash_,
-      base::Bind(&ClientCertStoreChromeOS::DidGetPrivateSlot,
+  GetSystemAndPrivateSlotCallback bound_callback =
+      base::Bind(&ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot,
                  // Caller is responsible for keeping the ClientCertStore alive
                  // until the callback is run.
                  base::Unretained(this),
                  &cert_request_info,
                  selected_certs,
-                 callback)));
-  if (private_slot)
-    DidGetPrivateSlot(
-        &cert_request_info, selected_certs, callback, private_slot.Pass());
+                 callback);
+
+  if (use_system_slot_) {
+    GetSystemAndPrivateSlot(username_hash_, bound_callback);
+  } else {
+    // Skip getting the system slot.
+    GetPrivateSlotAndCallBack(
+        username_hash_, bound_callback, crypto::ScopedPK11Slot());
+  }
 }
 
-void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,
-                                            const SSLCertRequestInfo& request,
-                                            bool query_nssdb,
-                                            CertificateList* selected_certs) {
+void ClientCertStoreChromeOS::GetClientCertsImpl(
+    CERTCertList* cert_list,
+    const SSLCertRequestInfo& request,
+    bool query_nssdb,
+    CertificateList* selected_certs) {
   ClientCertStoreNSS::GetClientCertsImpl(
       cert_list, request, query_nssdb, selected_certs);
 
@@ -57,13 +97,15 @@ void ClientCertStoreChromeOS::GetClientCertsImpl(CERTCertList* cert_list,
            << pre_size << " certs";
 }
 
-void ClientCertStoreChromeOS::DidGetPrivateSlot(
+void ClientCertStoreChromeOS::DidGetSystemAndPrivateSlot(
     const SSLCertRequestInfo* request,
     CertificateList* selected_certs,
     const base::Closure& callback,
+    crypto::ScopedPK11Slot system_slot,
     crypto::ScopedPK11Slot private_slot) {
   profile_filter_.Init(crypto::GetPublicSlotForChromeOSUser(username_hash_),
-                       private_slot.Pass());
+                       private_slot.Pass(),
+                       system_slot.Pass());
   ClientCertStoreNSS::GetClientCerts(*request, selected_certs, callback);
 }